exa-search

Warn

Audited by Snyk on May 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). This skill explicitly performs web searches and fetches and extracts arbitrary web pages and PDFs via Exa (see references/web-search.md, references/web-extract.md, and the runtime scripts scripts/exa_search.py and scripts/exa_extract.py). It instructs the agent to read, parse, and synthesize claims from those public, user/third‑party sources, which exposes it to untrusted third‑party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill calls Exa.get_contents at runtime to fetch user-supplied URLs (e.g., https://arxiv.org/abs/1706.03762) and its web-extract flow requires returning the fetched content verbatim, so arbitrary remote content can be injected into and directly influence the agent's prompts/responses.

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 6, 2026, 09:24 PM
Issues: 2